[Samba] Access to sharing by hostname but not by its IP
marc-henri.pamiseux at libricks.org
Tue Jul 25 17:30:39 UTC 2017
Ok, let's try again :)
idmap range is set from 700 to 3000300.
Range from 700 to 999 is reserved for the default idmap and from 1000 to
3000300 for users and groups.
On 25/07/2017 at 17:39, Rowland Penny via samba wrote:
> If you use the winbind 'ad' backend, then any user you want to be
> visible to Unix, must have a uidNumber attribute containing a number
> inside the 'DOMAIN' range set in smb.conf.
Yes, that already was like this.
> The user's Unix primary group must also have a gidNumber attribute
> containing a number inside the same range.
No, it was not.
Primary Group for all the users was "Domain Users" with the gid set to
513. So I defined a new group that I called "Domain Standard Users" with
GID set to 2513. All users have this group as a primary group and for
each user, I've changed the value of gidNumber to 2513.
> Before Samba 4.6.0 this meant that 'Domain Users' must have a
> gidNumber. From 4.6.0 this changes. You now need to give your users a
> gidNumber containing the Unix ID number of a group and the group would
> have to have a gidNumber attribute containing the same number.
An example is always better:
user called myident has a uidNumber set to 1072.
This user is a member of different groups but its primary is "Domain
Standard Users", which has gidNumber set to 2513.
Am I right?
> For instance, if you have a group in AD called 'unixgroup' and this
> group has a gidNumber attribute containing the ID '10000', then to make
> this group your users' Unix primary group, you would add 'gidNumber:
> 10000' to the users' AD objects.
Well, after reading this I'm not sure now...
> You would also need to add a line to
> idmap config SAMDOM:unix_primary_group = yes
> If you do not have the above line in smb.conf, then, as far as I
> understand, it still works in the same way as earlier versions i.e.
> Domain Users needs a gidNumber.
I did not add this line in smb.conf as I understand it is not necessary.
> If everything else is set up correctly, 'getent passwd username' should
> show the user's info and until it does, your user is unknown to Unix.
You are a king!
# getent passwd myident
# getent group "domain standard users"
domain standard users:x:2513:
Strange that no one appears as a member of that group. But it is their
Primary Group so it may be usual.
I will check other stuff but Samba is presented under better auspices.
Marc-Henri Pamiseux - SARL Libricks - www.libricks.fr
6 rue Léonard de Vinci - CS 20119, 53001 LAVAL Cedex
Tel. : 02.30.96.15.24 / Mobile : 06.26.71.30.97
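
Added example, not part of the original message or of Samba: a small offline check of the requirements discussed in this thread (uidNumber inside the domain range, primary group gidNumber inside the same range, with and without `unix_primary_group = yes`). The smb.conf fragment, the `tdb` default backend, the directory data and the function names are constructed for illustration; only the ranges, the SAMDOM name and the IDs 1072, 2513 and 513 come from the message.

```python
import re

# Constructed smb.conf fragment; the ranges are the ones quoted in the message.
SMB_CONF = """\
[global]
    idmap config * : backend = tdb
    idmap config * : range = 700-999
    idmap config SAMDOM : backend = ad
    idmap config SAMDOM : range = 1000-3000300
"""
IDMAP_RE = re.compile(r"^\s*idmap config\s+(\S+?)\s*:\s*(\w+)\s*=\s*(.+?)\s*$", re.I)

def idmap_settings(conf_text):
    """Return {domain: {option: value}} for every 'idmap config' line."""
    settings = {}
    for line in conf_text.splitlines():
        m = IDMAP_RE.match(line)
        if m:
            domain, option, value = m.groups()
            settings.setdefault(domain.upper(), {})[option.lower()] = value
    return settings

def in_range(opts, number):
    low, high = (int(x) for x in opts["range"].split("-"))
    return number is not None and low <= number <= high

def check_user(settings, domain, user, group_gids):
    """Return which of the requirements quoted in the thread the user fails."""
    opts, problems = settings[domain.upper()], []
    if not in_range(opts, user.get("uidNumber")):
        problems.append("uidNumber missing or outside range")
    if opts.get("unix_primary_group", "no").lower() == "yes":
        # Samba 4.6.0+ option: the user's own gidNumber names the primary group.
        gid = user.get("gidNumber")
        if gid not in group_gids.values():
            problems.append("no group carries the user's gidNumber")
    else:
        # Default: the Windows primary group must itself have a gidNumber.
        gid = group_gids.get(user["primaryGroup"])
    if not in_range(opts, gid):
        problems.append("primary group gidNumber missing or outside range")
    return problems

# Constructed directory data modelled on the message (myident, 1072, 2513, 513).
GROUPS = {"Domain Users": 513, "Domain Standard Users": 2513}
BEFORE = {"uidNumber": 1072, "gidNumber": 513, "primaryGroup": "Domain Users"}
AFTER = {"uidNumber": 1072, "gidNumber": 2513, "primaryGroup": "Domain Standard Users"}

if __name__ == "__main__":
    cfg = idmap_settings(SMB_CONF)
    print("before:", check_user(cfg, "SAMDOM", BEFORE, GROUPS))
    print("after: ", check_user(cfg, "SAMDOM", AFTER, GROUPS))
```
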